MAS hopes to strengthen its supervision of Digital Token Service Providers (DTSPs) based in Singapore but not conducting substantive business locally.
Report by: Aiying
The Monetary Authority of Singapore (MAS) recently released proposed regulatory updates for Digital Token Service Providers (DTSPs), which has sparked widespread attention and discussion in the Web3 industry. Aiying, a consultancy firm specializing in Web3 compliance services, conducted an in-depth analysis of the background, content, and potential impacts of these new MAS regulations. This article interprets the potential effects of these new regulations on the layout and development of Web3 enterprises in Singapore and the Asia-Pacific region.
I. MAS’s New Regulations: Combating “Shell” DTSPs
On October 4th, MAS published proposed regulatory updates regarding the licensing of Digital Token Service Providers (DTSPs), specifically targeting so-called “shell” DTSPs. The new regulations signify a significant increase in compliance thresholds and indicate that Singapore’s regulation of the crypto industry will become more stringent. Since 2020, Singapore has been screening DTSPs through strict anti-money laundering (AML) and countering the financing of terrorism (CFT) rules. This consultation, however, introduces higher requirements in terms of compliance and the viability of business models, particularly for companies that do not conduct substantive business locally.
References:
Singapore’s “2024 Money Laundering Risk Assessment Report” – internal and external money laundering challenges, common money laundering techniques, money laundering risks in various financial sectors
According to the Financial Services and Markets Act (FSMA), MAS aims to strengthen its supervision of DTSPs based in Singapore but not conducting substantive business locally. These so-called “shell” DTSPs may be used for illegal activities such as money laundering. MAS’s new regulations indicate their strong focus on risk management and maintaining the reputation of Singapore’s financial system, and they plan to conduct stricter scrutiny of these DTSPs.
II. Key Acts Related to Digital Token Service Providers and Their Relationships
Before understanding MAS’s new regulations, it is necessary to understand the relevant acts and their relationships related to DTSPs.
Financial Services and Markets Act (FSMA): This act was passed in 2022, but the specific implementation and applicability details are still under public consultation and preparation by MAS. The act aims to establish a legal framework for individuals, partners, and companies providing digital token services for regulatory purposes. The FSMA expands the definition of digital token services, covering a wider range of business activities, and authorizes MAS to regulate DTSPs based in Singapore but not conducting substantive business locally.
Payment Services Act (PS Act): This act regulates digital payment tokens (such as cryptocurrencies) and payment service providers to ensure the safe operation of these services in Singapore. For DTSPs providing payment services in Singapore, the PS Act sets detailed requirements for licenses and compliance. For more details, please refer to “【In-depth Analysis】Comprehensive Interpretation of Singapore’s Payment Services Regulatory Framework and Digital Payment Token (DPT) License Requirements”.
Securities and Futures Act (SFA): This act primarily focuses on the trading and regulation of capital market products, including tokenized securities and other digital assets. The SFA also applies to DTSPs involved in securities-related activities.
These three acts complement each other and form the compliance requirements framework for DTSPs operating in Singapore. In simple terms, the FSMA provides a comprehensive regulatory framework for digital token services, acting as a large umbrella covering all related services, while the PS Act and SFA provide more detailed guidance and requirements for different types of specific businesses (such as payment and securities). This combination ensures that DTSPs in Singapore are subject to both macro-level regulatory standards and targeted, practical operational guidelines, making the regulation comprehensive and specific.
III. New Requirements under the Financial Services and Markets Act
Based on MAS’s consultation document, DTSPs wishing to obtain licenses must meet a series of specific requirements, including but not limited to the following:
Minimum Capital Requirements: DTSPs must hold at least SGD 250,000 in basic capital to demonstrate their financial stability and operational commitment.
Local Compliance Team: DTSPs must establish a compliance team in Singapore, including at least one resident executive director and partner, to ensure local management and compliance supervision capabilities.
Independent Audit Mechanism: DTSPs need to undergo independent audits covering aspects such as network security and financial compliance, and submit audit reports regularly to demonstrate compliance with regulatory standards.
Penetration Testing and Network Security Requirements: Enterprises must perform penetration testing and fix all high-risk security vulnerabilities to ensure the security and data integrity of their technical platforms.
Independent Compliance Function: DTSPs need to establish an independent compliance function in Singapore, led by a compliance officer from the management team with appropriate qualifications, to ensure the independence and effectiveness of compliance work.
Audit Arrangements: Sufficient audit arrangements need to be established to assess and ensure the effectiveness of compliance controls. Audits should be independent and commensurate with the scale, nature, and complexity of business.
Office Space Requirements: Companies must have a permanent office space in Singapore to facilitate on-site inspections and regulatory supervision by MAS.
These measures undoubtedly increase compliance costs, and MAS will also conduct in-depth reviews of the viability of business models for companies that do not intend to conduct substantive business in Singapore. This strict licensing regime aims to increase transparency and ensure the legality and compliance of fund flows but also adds to the compliance burden of Web3 enterprises. Especially for Web3 companies expanding globally, whether Singapore’s new regulations are still attractive is a key question.
The various requirements proposed by MAS may lead many companies to reevaluate their strategies for establishing a presence in Singapore.
IV. What Should Companies Prepare for?
Aiying recommends that companies focus on the following points when dealing with these new regulations:
Establishment of Compliance Teams: According to MAS’s requirements, DTSPs must establish compliance teams in Singapore led by compliance officers with appropriate qualifications. Therefore, companies should plan their compliance architecture early, particularly in terms of recruiting and training local compliance personnel.
Audits and Network Security: MAS emphasizes the importance of penetration testing and audits. Companies should ensure that their network security systems meet MAS’s standards and verify the effectiveness of compliance controls through independent audits.
Designing Viable Business Models: For companies that intend to obtain licenses in Singapore but primarily operate in other regions, they must be able to provide a reasonable explanation to MAS regarding the necessity and credibility of their business models to obtain approval.
Capital Preparation and Risk Assessment: Companies should ensure compliance with the minimum capital requirement of SGD 250,000 and conduct sufficient risk assessments to prepare for possible future regulatory changes.
V. Specific Implementation Time and Transition Policy
MAS’s public consultation on these new guidelines and requirements will continue until November 4th. Although the specific dates for implementing these measures have not been confirmed, MAS stated that once the measures are finalized, the public will have approximately four weeks to transition to the new measures. At that time, any DTSPs operating in Singapore without a MAS license must either cease or suspend their operations in Singapore.
MAS emphasizes that these new measures are crucial for safeguarding the integrity of Singapore’s financial system and aligning with evolving international digital asset standards. For observers of the cryptocurrency industry, the key question is whether these stringent regulations will attract DTSPs to seek compliant operations in Singapore or deter some innovators due to high compliance costs.
This question also applies to the Asia-Pacific region, especially Hong Kong. In recent years, Hong Kong has shown proactive performance in the digital asset field, establishing regulatory sandboxes to support stablecoin issuers and financial institutions exploring tokenization use cases. It explicitly stated that digital asset innovation is an important driver of its financial industry growth. The choices made by Web3 institutions in the Asia-Pacific and even global regions regarding compliance architecture are crucial for long-term development. Aiying will continue to provide professional and practical insights to share its expertise.
